Identifying and patching vulnerabilities of camera-LiDAR based Autonomous Driving Systems
Autonomous driving systems rely on advanced perception models to interpret their surroundings and make real-time driving decisions. Among these, Bird’s Eye View (BEV) perception has emerged as a critical component, offering a unified 3D representation from multi-camera and sensor inputs. While BEV-based models have gained traction in industry-leading platforms, their security vulnerabilities remain largely underexplored in adversarial machine learning research. This study provides a multi-dimensional security analysis of BEV perception models, focusing on adversarial threats in both vision-only and multi-sensor fusion architectures. We examine the susceptibility of state-of-the-art models - including BEVDet, BEVDet4D, DAL, and BEVFormer—to adversarial attacks targeting their detection and decision-making capabilities. Unlike traditional adversarial research that primarily misleads perception models at the classification level, this study investigates real-world attack scenarios where adversaries can manipulate perception to cause practical disruptions, such as inducing traffic congestion or triggering unsafe vehicle behaviors. Our findings reveal significant security risks in BEV-based perception, with both vision-only and sensor-fusion models vulnerable to adversarial perturbations. Attack transferability across architectures further highlights the urgency of developing robust defense mechanisms to ensure the reliability of self-driving technology. This work underscores the need for adversarially resilient perception models to safeguard the future of autonomous driving.
Language
- English
Project
- Status: Completed
- Funding: $112393
-
Contract Numbers:
69A3552344812
69A3552348317
-
Sponsor Organizations:
Office of the Assistant Secretary for Research and Technology
University Transportation Centers Program
Department of Transportation
Washington, DC United States 20590University of California, Santa Cruz
1156 High Street, Mail Stop SOE2
Santa Cruz, California United Kingdom 95064 800 W Campbell Rd
Richardson, Texas United States 75080 -
Managing Organizations:
National Center for Transportation Cybersecurity and Resiliency (TraCR)
Clemson University
Clemson, SC United StatesUniversity of California, Santa Cruz
1156 High Street, Mail Stop SOE2
Santa Cruz, California United Kingdom 95064 -
Project Managers:
Chowdhury, Mashrur
-
Performing Organizations:
University of California, Santa Cruz
1156 High Street, Mail Stop SOE2
Santa Cruz, California United Kingdom 95064 800 W Campbell Rd
Richardson, Texas United States 75080 -
Principal Investigators:
Xie, Cihang
Cardenas, Alvaro
Kantarcioglu, Murat
- Start Date: 20240101
- Expected Completion Date: 20241231
- Actual Completion Date: 0
- USDOT Program: University Transportation Centers
Subject/Index Terms
- TRT Terms: Autonomous vehicles; Cameras; Computer security; Laser radar; Machine learning; Physical phenomena; Safety; Sensors
- Subject Areas: Data and Information Technology; Planning and Forecasting; Safety and Human Factors; Security and Emergencies; Transportation (General); Vehicles and Equipment;
Filing Info
- Accession Number: 01906996
- Record Type: Research project
- Source Agency: National Center for Transportation Cybersecurity and Resiliency (TraCR)
- Contract Numbers: 69A3552344812, 69A3552348317
- Files: UTC, RIP
- Created Date: Feb 5 2024 4:04PM